SCOM ACS + CMBD Portal

Adam_DzyackyAdam_Dzyacky Customer Contributor Monkey ✭✭✭✭✭

The SCOM and CMDB portal integration brought historical performance statistics from the SCOM DW right into the Configuration Item (Computer) page. But what about when it comes to Users? While there isn't anything that SCOM can directly offer, something else on its installation media can - SCOM Auditing Collection Services (ACS) can pick up and log historical security events on a per user basis. Since it's just another SQL database that stores all of this information, we can follow the same basic integration logic of:

  • Create a new Data Source to ACS, then create new Dashboard Query for ACS in the SCSM portal's Admin Settings
  • Introduce a custom System.Domain.User.js page that compliments @Justin_Workman's History customization. In doing so, you'll have SCSM specific history alongside environment wide history.
  • Introduce JavaScript that updates the new Security page with a Kendo Grid to render the results from ACS


Now when navigating into a user, we can see the new Security tab showing historical Event Data for said user. But unlike the original SCOM integration, ACS doesn't have incredibly detailed information about the events. Sure there is the Category, but if you're looking for something a bit more detailed this grid introduces a right-click to take you over to the relevant Microsoft Docs page by simply just appending the Event ID to the URL.

Other columns available are Event Time, the Device the Event occurred on, and in some cases the account that is responsible for the change if it was made e.g. AD Object changes, password changes, etc.


Comments

Sign In or Register to comment.